#!/bin/bash 
set -e


TMP=${TMP:-/tmp/work}
LOG=${LOG:-$HOME/logs/stage4}
SRC=${SRC:-/sources}

name=make-ca
version=1.7

rm -rf $TMP
mkdir -p $TMP $LOG

tar xf $SRC/$name-$version.tar.xz -C $TMP

{ time \
   {

    cd $TMP/$name-$version

	make install &&
	install -vdm755 /etc/ssl/local

	/usr/sbin/make-ca -g

	systemctl enable update-pki.timer

	openssl x509 -in $SRC/root.crt -text -fingerprint -setalias "CAcert Class 1 root" \
	        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \
	        > /etc/ssl/local/CAcert_Class_1_root.pem &&
	openssl x509 -in $SRC/class3.crt -text -fingerprint -setalias "CAcert Class 3 root" \
	        -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \
	        > /etc/ssl/local/CAcert_Class_3_root.pem &&
	/usr/sbin/make-ca -r -f
    
    }
} 2>&1 | tee $name.log
    
[ $PIPESTATUS = 0 ] && mv $name.log $LOG || exit $PIPESTATUS

rm -fr $TMP
